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INFORMATION TRANSMISSION SYSTEM a-ftd AND METHOD, TRANSMITTING 
APPARATUS, RECEIVING APPARATUS, DATA PROCESSING DEVICE 6tftdr AND 
DATA PROCESSING METHOD, AND RECORDING MEDIUM 

Technical Field BACKGROUND OF THE INVENTION 

[0001] Thio The present invention relates to an information 
transmission system and method, a- transmitting apparatus, and 

receiving apparatusT a**et is suitably applied fee a** for 

delivering information over a transmission system — which — ±-s — fee 

transmit information path, such as via a satellite, 

example . In addition, this the invention relates to a data 
processing device, a data processing method, and a recording 
medium, and in particular, relates to data processing devices, 
data processing methods and recording media which — a^e — capable 
ef — easily restricting terminals — (user) — fee — obtain data when the 
data — ±-s — broadcasted — through — a — satellite — circuit — &ene — example . 
for easily restricting user terminals from obtaining broadcast 
data, such as data broadcast over a satellite circuit. 
Background Art 

[0002] i £ke convent ional Conventional digital satellite 

broadcasting system — utilizes — a systems utilize conditional 
access (CA) in which fefee only those legitimate subscribers who 
have signed up a — contract or contracted for reception are 
allowed to receive the broadcast. 

[0003] In such a conditional access^ a private key is given in 
advance to those subscribers who have signed a contract for 




reception. The A transmitter encrypts the broadcast data_^ 
using the private key, fee — transmit and transmits the data via 
a satellite. Then, the subscribers decode the received 
encrypted waves signals using the private key, which allows 
the permits only those subscribers having — made — a — contract who 
have contracted for reception to watch and listen to the 
broadcast . 

[0004] In recent years a-^_ satellite data transmission system 
is — considered, — which — is — fee — perform — transmission — &€ — data — if* 
systems may transmit as part of a digital satellite 
broadcasting system. Since Because the satellite circuit ie 
rapid — if* — transmission — speed — compared — fee — such — circuits — as — fehe 
telephone — circuit — aftd — ISDN, — ifc — ha-s — a — merit — e# — transmitting — a 
large — amount — ei — data — if* — a — short — time . has a much faster 
transmission speed when compared to other systems, such as 
standard telephone circuits and ISDN, large amounts of data 
may be transmitted in a short time. 

[0005] In this the satellite data transmission system, i# 
various reception controls eaf* may be used if* for (i) general 
message communication to transmit the same data to all the 

recipients (this is called "broadcast" hereinafter) , et&dt 

recipients (known as a "broadcast") , (ii) group communication 
to transmit the same data to a certain specific group of 
recipients (this — is called multicast hereinafter) , — in addition 
to an (known as a multicast), or (iii) individual communication 
to transmit a different set of data to individuals — (this — is- 

callcd — "uni cast" — hereinafter) , the — usability — e£ — the each 

individual (known as a "uni-cast) . Thus, the potential uses 
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for a satellite data transmission system may — increase are 
significantly increased . 

[0006] The llowcvcr, — feke conditional access system , however, has 

a- the problem that reception control eaft aet cannot be 

utilized in t**e used for a uni-cast a**d or multicast 

communication because it this system is designed eft with the 
assumption that all the recipients always receive and watch 
the same information. 

[0007] Further, it — io possible to secure a greater plurality 
of channels may be delivered in the same band as tfee — case — e# 
transmitting data digital data that is transmitted in the form 
of analog signalsv — and to provide . Also, higher guality e# 
images and sounds 7 — when — transmitting — images , — and sounds, — etc. 
are provided when transmitted in the form of digital data 7 — 
that — iR — such — a — field — a-s-. Thus, satellite broadcasting and 
satellite communication— systems a^ee — increasingly — diffusing , 
which is — to provide images and sounds in the form of digital 
data , are proliferating . Such digital satellite broadcast 
services arc commenced as include SkyPerfect TV! and DirecTV 
in Japan, DirecTV in the United States , and Canal Plus in 

Europe 7 — for example . The digitalization of broadcasts makes it 

possible te reduce reduces the broadcast costs cost per 

channel- and te — provide provides programs and data that are 

processed by ttee computer. Also, because ei such 

digitalization— permits the widespread use of services a^e 
spreading, in which programs, images, etc. are provided 
linking that are linked to each other. 

[0008] In a digital satellite broadcast services the service, 
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digital data e# representing images and sounds i-s- are 
converted into a format based — e ft, such as the MPEG — (-Moving 

Picture Experts Group -) 2-? — D¥B ( - (MPEG) 2 format or the 

Digital Video Broadcasting - f(DVB) format which is derived from 

the MPEG 2, and furthermore, then multiplexed be 

transmitted for transmission in the form of radio waves. 
Received — by — a The radio waves are transmitted and received by 
the transponder of a satellite, where the radio waves are 
amplified— and subjected to other necessary processes — be 
transmitted for re-transmission to the earth. 

[0009] The transmission band for the transponder 4r& may be as 
fe^rg wide as 30Mbps (Mega bit (Megabits per second)— so that it 
is possible to distribute digital data of high quality may be 
distributed at high speed utilizing the whole e£ — such — a — bi-g 
band. — (Note, — however , — that, — even though the transponder has a 
transmission — band — e£ — 3 0Mbps a width of the band. Though the 
actual transponder transmission band is 30Mbps , a real 
transmission band would be — somewhere is around 27Mbps_ i _ at most 
because ^ to allow the inclusion of error correction codes e^ee 
generally affixed. ) _^ 

[00010] However, — general ly Gener ally , the transmission band for 
the transponder is used by being divided into many #e^e bands 
of multiple channels 7 — because of costs. — In this case, — although 
to reduce cost. Though the content of the digital data 

transmitted on each channel -ts — different, a differs, the 

mechanism e-f- by which the receivers which receive the digital 
data on each channel remains the same or common . Consequently, 
a conditional access (CA) mechanism is necessary — £e*= — allowing 
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fe4*e — only — limited — users — fee — receive — digital — data — provided, 
needed to allow only permitted users to receive the digital 
data . 

[00011] That — is — fee — say, — ±-r — fefre — case — — performing — so called 

data — broadcasting — if* — particular , a-s -For data broadcast, in 

particular, the quantity of data per program is smaller small 
when compared to the case — e£ — distributing images or soundsy 
distributed so that a charging unit or charging system is 
expected to become more complex. Therefore, a conditional 
access mechanism capable of performing more specific reception 
control is needed to cope — with address such a problem. The 
conditional access mechanism is also required to prevent 
leakage passage of secret information ift during distribution. 
[00012] Generally, ferhe conditional access mechanism is realized 
is attained by performing encryption on a data stream fee — be 
before it is distributed. As — fee Two types of encryption 
methodST — two types are known, roughly; namely (i) a common key 
cryptosystem-f-^ also known as a private key cryptosystemf-^ and 
(ii) a public key cryptosystem. -if* For digital satellite 
broadcasting^ the common key cryptosystem is more often — used 

common because of a lighter load smaller number of 

encryption/decryption processes are used when compared to the 
public key cryptosystem. 

[00013] In the common key cryptosystem^ a row of codes being 
that comprise a decryption key equivalent and correspond to an 
encryption key is given to a certain subscriber A by some 

methodv a^d — data _^ Data is encrypted with for distribution 

using the encryption key for distribution . The encrypted data 
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is designed ee — a-& to make it hard to analogize derive the 

encryption key (decryption — key) a**d./_ decryption key or the 

original data by means — e# , whether by converse calculations or 
other means. Accordingly, — an un Thus, a non -subscribed user B 
eafi — ftotr cannot accurately restore the original data correctly 
even if receiving the user B receives the encrypted data. On 
the other hand, the subscribed user A can restore the original 
data by decrypting the encrypted data with — fefee — ttse — e# using 
the decryption key given when the contract is made. 
Therefore, the making of a contract for reception subscription 
is equivalent to reception of the a decryption key. 
[00014] By the way, — in the — caoc that both When both users A and 
C are subscribers^ for example, when and the contract with A 
expires, or when the user A does a wrong things action , the 
current encryption key is changed, and a decryption key 
equivalent to the new encryption key is provided to user C 
only. Thereby Thus , the user A who was previously a 

subscriber or did the a wrong things — can not act cannot decode 
data which — ir& encrypted with the new encryption key, while 
whereas the legally subscribed user C can normally readily 
decode the data 7 — which — ie encrypted with the new encryption 
key 7 — with the new decryption key, — without problems . 
[00015] It is t rouble somc dif f icult , however, to alter an 
encryption key, and furthermore it is further difficult to 
provide a new decryption key equivalent corresponding to trhe a 
new encryption key to e lawful subscriber — every — time — when 
subscribers whenever the subscription of e another user 
expires or when whenever improper conducts — a^ee conduct is 




discovered. 

Dcocription of the — Invention 
SUMMARY OF THE INVENTION 

[0016] The present invention is — made — ift — consideration — ei — feke 

foregoing points, and intended fee propose provides an 

information transmission system and method, and transmitting 
apparatus, and receiving apparatus that are capable of 
performing reception control in various modes. In addition, 

the present invention is intended — fee — fee able fee easily 

restrict restricts users fee that can obtain - f (or receive) data 
correctly . 

[0017]^ -r — order — feeTo solve such problems, if* an information 
transmission method according to an aspect of the present 
invention ef — transmitting transmits data from a transmitting 
apparatus through a predetermined transmission circuit to a 
plurality of receiving apparatuses apparatus , each having an 

individual address 7 when . When the data is individually 

transmitted to the receiving apparatuses, an individual 
address e£ for each receiving apparatus is affixed to the 
dataT — and when . When common data is transmitted to a certain 
group of receiving apparatuses apparatus , the data is affixed 
with common address information denoting ferhe — common a portion 
of their addresses that is common to all the receiving 
apparatuses of the voluntary group, ew^ as well as with 
address range information defining the portion that is common 
to all the addresses. Then, — fetee The data is received— and eaft 
fee i_s decoded only when the individual address and the address 
affixed to the data coincide with each other, — a&dt or only when 
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the individual address and the common address information 
affixed to the data agree with each other within the portion 
denoted by the address range information. 

[0018] According to another aspect of the invention, an 
information transmission method transmits data from a 
transmitting apparatus through a specified transmission 
circuit to a plurality of receiving apparatuses, each having 
an individual address. When common data is transmitted to the 
receiving apparatuses apparatus of a certain group, the data 
is affixed with common address information denoting the — common 
a portion of their addresses common to the receiving 
apparatuses of the voluntary group, and as well as address 
range information defining the common portion of the address. 
On the side of receiving apparatuses^ the individual address 
and common address information affixed to the data are 
compared based on a — basis — e# the range denoted by address 
range information, and when the results of the comparison 
coincide with each other, the data can be decoded, thus easily 

performing reception control in various modes ift easy 

structure . 

[0019] A data processing device according to a further aspect 
of the present invention comprises retrieving means for 
retrieving^ as the marked entry^_ an entry having an address 
coinciding with the address of a data block from — a**3 by 
referring to a table containing having addresses and entry 
validity information indicating that indicate whether the 
entry to which the address is registered is validT — judgment 
mean — £e^e — judging . Judgment means judges whether the marked 
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entry is valid based on the entry validity information 
registered to the marked entryT — aftd — output . Output control 
means £e*r — controlling controls the output of data arranged in 
the data block based on the judgment result obtained by the 
j udging means . 

[0021] When the marked entry is valid, the output control means 
outputs the data at an address arranged in the data block r and 
ea*t may destroy the data when the marked entry is not valid.— 
Furthermore, when the data is encrypted, the data processing 
device may be provided with a** a decoding means for decoding 
the encrypted data. 

[0022] When — feh eThe data ie may be encrypted with using a key 
assigned to the address of the data 7 — and when cach ^ Each entry 
of the table ka-s- may have a registered key assigned to the 
address^ in addition to the data address^ and entry validity 
information 7 — fehe^ The decoding means eanR: may decrypt the data 
with the use of the key registered on the table. 

[0023] The decoding means eaft may decode fefee data arranged in 
the data block with using the uee — ef — fehe key eft within the 
table assigned to the address of the data block. Key When — key 
validity information indicating whether the key is valid ie 
may be registered to each entry eft — fehe — table, — *r — addition — fee 

fe-he — address, entry — validity — information, &**d — t-he — key, the 

decoding — means — judges in the table. The decoding means may 
judge whether the key is valid based on the key validity 
information of the key assigned to the address of the data 
block, and if the key turns — et*fe — fee — fee i_s valid, the data can 
may be decoded with the use of that key. 
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[0024] More than two keys assigned to that the address can may 
be registered to each entry of the table, in addition to the 
address and entry validity information. Key validity 

information indicating whether one or more of the keys are 
valid may be registered to ¥e each entry of the table can be 
rcgiotcrcd — key validity information — indicating whether the — key 
is valid ao to each of more than two keys . 

[0025] AThe data processing device employing of the present 
invention may be furthermore provided with table storage means 

for storing the table. The address may be the MAG (-Media 

Access Control -) - ( MAC ) address of a communication terminal 
receive that receives data. Data blocks may conform to the 

Digital Video Broadcasting (DVB) specifications, The 

opecif icationo — e£ — fcke — DVB — (Digital — Video — Broadcaoting) . A data 
processing device employing the present invention may be 
produced — e£ — a — one chip — — ( Integrated — Circuit) . a one-chip 
Integrated Circuit ( IC) . 

[0026] AAccordinq to a still further aspect of the invention, a 
data processing method employing — fehe — present — invention — i-s- 

charactcrizcd fey and comprises fefee retrieval step e# 

retrieving — as — fe-he — marked — entry — comprises retrieving, as the 
marked entry, an entry having an address coinciding with the 
address of a data block from — aftd by referring to a table 
containing having addresses and having entry validity 
information indicating — whether — aft — entry — te — which — feke — address 
is — registered — ts — valid, — j udgmcnt — step — e£ — judging — whether — the 
marked — entry — is — valid that indicates whether the entry is 
valid. The validity of the marked entry is judged based on 
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the entry validity information registered to the marked entry— 
and — output — control — step — e£ — controlling — the . The output of 
data arranged in the data block is controlled based on the 
judgment result obtained by the — judging mcano . 

[0027] A recording medium according to yet another aspect of 
the present invention is — characterized — by — a**d — comprise — t-ke 

retrieval step retrieving comprises instructions for 

retrieving, as the marked entry^ an entry having an address 
coinciding with the address of a data block from — aael by 
referring to a table containing . The table contains an address 
and contains entry validity information indicating that 
indicates whether the entry to which the address is registered 
is valid 7 — judgment — step — af — judging — whether . The validity of 
the marked entry is valid determined based on the entry 

validity information registered to the marked entry 7 aftdr 

output — control — step — e£ — controlling — the . The output of data 
arranged in the data block is controlled based on the judgment 
result obtained by the judging means. 

[0028] ^According to an additional aspect of the invention, a 
data processing device^ data processing method, and recording 
medium retrieve^ as the marked entry^ an entry having an 
address coinciding with the address of a data block from and 
referring refer to a table containing an address and as well 
as containing entry validity information indicating whether 
the entry to which the address is registered is valid. And, 
judgment — is — made — en — whether Whether the marked entry is valid 
is judged based on the entry validity information that is 
registered to the marked entryT — based — en — fe**e — result — e£ — which 
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t**e_. The output of data arranged in the data block is 

controlled based on this result . 

[0029] According to the data processing device, the data 
processing method and the recording medium employing — t-he 
prcscnt — invention , an entry having an address matching the 
address of a data block is retrieved as the marked entry from 
a table— by_ referring to the same table having that has an 
entry registering an address and entry validity information 
indicating whether an entry to which the address is registered 
is valid. And, — it rt is judged^ based on the entry , whether 
the validity information registered to the marked entry 
whether the marked entry is valid 7 — based . Based on the this 
result — whieh ^ the output of data arranged in a data block 
is controlled. As — a — result Thus , it is possible to easily 
restrict the users that are capable of obtaining data 
normally. 

Brief Description of the Drawings 
BRIEF DESCRIPTION OF THE DRAWINGS 

[0030] Fig . 1 is a block diagram showing the whole structure of 
a satellite data transmission system according to an 
embodiment of the present invention. 

[0031] Fig . 2 is a block diagram showing the circuit structure 

of et the receiving apparatus . device shown in Fig. 1. 

[0032] Fig . 3 is a schematic diagram showing a header format. 

[0033] Fig. 4 is a schematic diagram showing relations the 

relation between masks a mask and the MAC addresses. 

[0034] Fig . 5 is a schematic diagram showing the data structure 

of a key table. 
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[0035] Fig . 6 is a flowchart explaining illustrating the steps 
of a decode processing operation of the invention . 
[0036] Fig . 7 is a block diagram showing a — structural an 
example of a** — embodiment the structure of a broadcast system 
employing the present invention. 

[0037] Fig . 8 is a flowchart explaining — feke — processing — by — a 
transmission — system — 1-9-1 — ift — Fig . — 3- ^illustrating the steps of 
the processing operation of the invention carried out by 
transmission system shown in Fig . 7 . 

[0038] Fig . 9 is a diagram showing the format of a section and 
a section header. 

[0039] Fig . 10 is a block diagram showing a — structural — example 
the structure of a receiving apparatus 122 shown in Fig. 7. 
[0040] Fig . 11 is a diagram showing a key table. 

[0041] Fig . 12 is a flowchart used in explaining the processing 

by a illustrating the steps of a processing operation 

performed by the receiving apparatus 122 shown in Fig. 10. 
[0042] Fig . 13 is a block diagram showing a — structural an 
example of eft — embodiment — — a — computer a processor employing 
the present invention. 

Best Mode for Carrying Out the Invention DETAILED DESCRIPTION 
[0043] Hcrcinaf tcr , aft — embodiment Embodiments of the present 

invention will — be are now explained in detail with reference 

to the drawings . 

(1) First Embodiment 

(1-1) Whole Structure of Satellite Data Transmission System 

[0044] j ^ftFig . 1 7 a — reference — numeral 1- shows the — whole a 

satellite data transmission system 1 to which the present 
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invention is appliecb et&& — which — consists — & £. The system 1 

includes a transmission system 2, a satellite 3, and a 
plurality of reception systems 4 each having substantially the 
same structure. The transmission system 2 and each of the 
reception systems 4 are connected ef* via the Internet 5. A 
contract — is made — ±n — advance — on the An agreement permitting use 
of the satellite data transmission system 1 is typically made 
in advance between a service provider managing that manages 
the transmission system 2 and each recipient — having of the 
recipients that have a reception system 4 . 

[0045]^ftThe transmission system 2 includes a control device 
10 , which controls the transmission system 2, a — control — device 
-tG — fee — control — fe-he — whole — transmission — system — 2-r a circuit 
connection device 11, a data server 12, and a transmission 
processing device 13 which are connected to each other over 
a local network 14. 

[0046] The control device 10 receives a- data read-out demand 
which — is- demands that are transmitted from by an information 
processing device 22 in the reception system 4 . Responding In 
response to the data read-out demand, the control device 10 
reads out data from the data server 12 or a from an external 

data server (not shown figure ) eft)_ received via the 

InternetT — which 5. The data is then fed to the transmission 
processing device 13 by the device 10 . 

[0047] The transmission processing device 13 stores an 
encryption key correspondence table which shows — HAG — ( -holds the 
Media Access Control -) - (MAC) addresses being , namely the 
identification numbers inherent corresponding to the 
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respective information processing devices 22 ±r — tfee — reception 

systems 4-? a**d j_ and which holds the private keys 

corresponding that correspond to each of the MAC addresses. 
Based — e» Using the encryption key correspondence table, the 
transmission processing device 13 encrypts the read data with 
fehe — uee — e# using a private key matching that matches the MAC 
address of the an information processing device 22 which that 

is a the transmission destination. Further , the The 

transmission processing device 13 ma kes — ^-0^ — the then assigns a 
value of "1" to the GKi — (-Common Key Indicator 7 — to be described 
later) — e£ — t-he — data — te — be — transmitted — fee — aii — fe-he — information 
processing — devices — 2-2 — a-s — the — broadcast — and — encrypts — i-fe (CKI ) 
of the data. Alternatively, the device 13 encrypts the data 
using a given common key- — Furthermore, — the and assigns a CKI 
value of "0". The transmission processing device 13 packets 
the encrypted data., in the format — defined — fee — fehe — DVB — (Digital 

Video — Broadcasting) data — broadcast — specifications , — which — i-s- 

then transmitted accordance with the Digital Video 

Broadcasting (DVB) data broadcast specification, and a 
transmitter 15 then transmits the formatted data as an uplink 
wave S2 to the satellite 3 via the transmission 15 . 
[0048] Upon — feke — receipt — e #After receiving the uplink wave S2^_ 
the satellite 3 amplifies ife the wave and transfers — ife — ae- re- 
transmits the downlink wave S3- to the reception system 4 as a 
downlink wave S3. The systems — 4 . In — the reception system 4— 
the includes a receiving device or apparatus 21, the a line or 
circuit connection device 24- 2_3, and a plurality of 
information processing devices 22 being which may be , for 
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example, personal computers et&e — connected — fee — each — other — eft — a- 
local — network — 3-4-. The receiving apparatus 21, the processing 
devices 22, and the circuit connection devices 23 are 
connected to one another using a local area network 24. 
[0049] The receiving apparatus 21 decodes the dataT — which — Re- 
transmitted to the information processing device 22— by 
performing demodulation processing and decode processing eft 
the downlink wave S3 that is received via a receiving antenna 
20-, — aftd . The receiving • apparatus 21 then supplies ±% the 
decoded data to the information processing device 22. 
[0050] When a user initiates a data read-out demand ie — made — 
a uocr , the information processing device 22, reoponding to — it- 
in response to the demand , transmits the data read-out demand 
to the transmission system 2 via the circuit connection device 
23 eft via the Internet 5. 
(1-2) Structure of Receiving Apparatus 

[0051] Next, explanation — will — fee — given — eft — t& eThe receiving 

apparatus 21 in the reception system 4 is now described in 
greater detail with reference to Fig. 2. The In the receiving 
apparatus 21— includes a GPU — (-Central Processing Unit -) — ^0- 
controlling — teke — wfeejr e(CPU) 30 which controls the receiving 
apparatus 21— and which is connected, with via a bus 39, to a 
front end unit 31, a demultiplexer 32, a receiving filter 33, 
a decoding unit 34, a checker 35, a buffer 36, a key table 37, 
and an interface unit 38 . 

[0052] The front end unit 31 demodulates the downlink wave S3 
that is received via the receiving antenna -3-9-? — which — ±e — #eel 
and feeds the demodulated wave as a data stream D31 to the 
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demultiplexer 32. The demultiplexer 32 separates ^-he — only 
necessary packets from the data stream D31 based on tfee — Pi© 
(Packet — ID) , their Packet IP's (PID's) and supplies them the 
packets to the receiving filter 33. The receiving filter 33 

checks the payloads of the packets supplied from fc-he 

demultiplexer — 32 to destroy packets and eliminates any packets 
that are unnecessary for data decode processing. 

[0053] In accordance with a decoding process — be described 
later herein , the decoding unit 34 refers to the a key table 

with 37 , using the MAC address of the information 

processing device 22 (Fig. — 3^ — as the retrieval kcy ^ to obtain a 
decoding key from the key table 28. Then, — fehe The decoding 
unit 34 then decodes the data stream D31 with the use of using 
the decoding key obtained, and supplies the resultant £es — fefee 
decoded data D34 to the checker 35. 

[0054] The checker 35 examines determines whether or not the 
decoding — processing — ie — conducted correctly with — regard to — fefee 
decoded data D34 was decoded correctly . Then, responding in 
response to a demand from the CPU 30, the buffer 36 inputs the 
decoded data D34 to the interface unit 38 through via the bus 
39. The interface unit 38 then supplies the decoded data D34 
to the information processing device 22 eft over the local 
network 24 (Fig. — l-K 

[0055] In this way manner, the receiving apparatus 21 receives 
the downlink wave S3, extracts the only the data that is to be 
supplied to the information processing device 22, and supplies 
it to the information processing device 22 the data thereto . 
(1-3) Decode Processing of Digital Stream 
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[0056] A s — shown — ift- Ref err ing to Fig. 3, the digital stream D31 
is — af f ixcd — with includes packet header information located at 
the top of feke a payload section as well as a stuffing byte 

(invalid — byte) a**€l — &R€ (- that indicates the presence of an 

invalid byte and a Cyclic Redundancy Code - f(CRC) that are 

located at the bottom of the payload 7 aftd: section , The 

digital stream is encapsulated -se — as- to be processed as a 

section based ©ft- defined according to the DVB data 

broadcasting specif i cations ( Datagram - section) . ¥he MAG 

addrcsoft 6 means a byte — (8 bits) — from Bit 7 — to Bit — 3r&r — with the 

specif ication, known as a Datagram-section. The Datagram 

Section includes a six byte MAC address, identified as MAC 
address #1 to MAC address #6, each of which is comprised of a 
byte (8 bits) having bits from Bit D7 to Bit DO. The highest 
bit of the MAC address a-s- is at Bit 4-?- D7 and the lowest as- 
Bit 0_. is at Bit DO. 

[0057]3 % eRef erring back to Fig. 2, the decoding unit 34 
determines whether to receive a packet— based on a — basis — e£ 
the MAC address described stored in each packet of the 
received data stream D31 received — and — and based on the key 
table 37. Here, -tn — such packet — discrimination processing the 
receiving apparatus 21 according — fee — fefee — present — invention 
performs may perform (i) a mask bit process to designate — a bit 
position determine the bit positions that are to be compared 
ift with those of the MAC address— of a packet, (ii) a MAC 
address conversion process — fee which converts the MAC address 
of a packet into a value having less fewer bits and fee 
discriminate then discriminates packets using the converted 
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value, and or ( iii ) a MAC address pass process to let the 
packets having a specific MAC address pass unconditionally. 

[0058] The mask bit process i-s — te — perform takes a logical 
product eft between the mask bit and the result of a comparison 
between the MAC address described in of the section header and 
the MAC address in the key table 37. When the — exclusive or — 

taken — a-s teke logical — product a-s &-, the MAG address 

described in — the — session header — as MR, — k - th AC address — in the 
feey — table — as — MAG — ( k) , — a^d — the — weight — e£ — the — bit — as — ±- f — the 
following — equation — ±-s — calculated Specifically, the following 
relation represents the process carried out for each bit in 
the range of 0 < k < 47: (- (MR X * MAC i (k) ) ) & MASK i (k) 

( 1 ) , where A represents an exclusive OR operation, & 
represents a logical product, MR i is the MAC address read from 
the session header and stored in the MR register, MAC i (k) is 
the k-th MAC address stored in the key table, and MASK i (k) is 
the k-th mask value stored in the key table. When the logical 
product is "0", the masked portions of the two 01 4 7 . 

(-(MRI A MAC1 (k)))&MASKl U0 — (1) 

Only — when — ft±-± — the — results — a^e — "0", — both MAC addresses are 
identical . 

[0059] It means — that Thus, bits of the MR and the MAC address 
addresses are compared only when where the mask is- has a bit 
e# value "1". ^Fhe Fig. 4 shows an example of the relations 
relation between this each mask bit and the comparison 
operation between the MR — a*td — tke — MAG — address . MAC address 
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stored in the MR register and a MAC address stored in the key 
table . 

[0060] ^ — t-he — caoc — of Fig. 4 shows an example in which the mask 
bits are "0" from bit DO to bit D3- and are "1" from bit D4 to 
bit D47. When the a mask address is checked using — fe&e — mask 
bits, — fc-he — samcnegg — of the MAC addregg — and MR in a — section — from 
©4 — t-e — D 4 7 , — i-n — which based on the mask bits, a MAC address in 
the key table and the MAC address in register MR are compared 
from bits D4 to D47 , namely the bits where the mask bits are 

all xx 1 "7 ±-s the condition fef the identity ef t-he — MAG 

addreggeg , — while — fefee — gamcnegg — By contrast, the MAC address 
and MR docs — not matter — — a — section — from the register MR need 
not be the same in bits DO to D3 where the mask bits are all 
"0". Thus, by checking only a- part of the MAC addresses using 
the mask bits, it is possible to conduct — t-he carry out a 
multicast (group — communication) — where or group communication 
whereby the same packets are distributed to certain 
information processing devices 22 each having e- different MAC 
addregg . addresses . Also, with when all the mask bits being 
are xx l", that is- "OxFFFFFFFFFFFF", all the bits of the MAC 
address are checked, whereby fehe so that a uni-cast 

(individual communication) can be carried out. 

[0061]^ftWhen carrying out the a multicast using mask bits, it 
is premised on an assumption assumed that a common part exists 
in the MAC address of each information processing device 22— 
However — ife — ±-s — hard — fee — prepare — ouch — information — processing 
devices — 2-2-? — a-ftd — besides — i-fc — ts — feared — that that is to receive 
the multicast data. However, such MAC addresses are hard to 
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prepare, and further flexibility may be wanted if* when running 
a system. In this case, the problem can be solved by 
artificially creating a common part in the MAC addresses 
falsely of the devices 22 by rewriting the packet header eft 
the — basis — ei — the based on a correspondence table of the MAC 
addresses of actual information processing devices 22 and the 
MAC addresses described in the packet headers. 

[0062] The MAC address conversion process is — te — operate — a 
certain formula — (Hash function) — with regard to uses a formula, 
such as a Hash function, for operating on an input MAC address 
to obtain a value reduced — te — a — bit — number — smaller — than — 4-8- 
bito, — and perform a — ocarch on a table — (Haoh table) — dcocribing 
whether — fee — iet — ife — pass, having a smaller number of bits than 
the 48 bit MAC address and then searches a table, such as a 
Hash table, to determine whether to let the address pass with 
the, obtained value used as a key. The reason — why — tke — bit- 
number of bits is reduced is because so that the Hash table is 
made smaller. Any Hash function may be used as long as it be 
is able to distribute input MAC addresses well. For example, 
obtain for a CRC 7 — and assume that the whose higher 6 bits are 
defined as p, a-FKi when Pass (p) ie= "1", allow it the packet 
is allowed to pass, and when Pass (p) = "0", destroy it the 
packet is destroyed . Here, the pass function is the a table 
of 2 6 = 64 bits. In this way, the circuit scale of the decoder 
unit 34 can be made smaller by reducing the feit number of bits 
of a MAC address using the Hash function. 

[0063] The MAC address passage process is — te — let — it lets the 
packet pass if a MAC address described in the header of a 
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packet is an address for a specific broadcast regardless of 
the its state e£ in the key table. If a** a MAC address 
described in the header of a packet is of value 
0xFFFFFFFFFFFF-(t4*is — address — is — called ^ known as a "broadcast 
address"-)-? — it, the message is always reckoned as considered a 
broadcast and allowed to pass. •£« — tfee — present — invention — this 
The MAC address passage process is — made occurs prior to the 
mask bit process and MAC address conversion process. Because 
of this Thus , it is not necessary to search the key table when 
the MAC address described in the packet header is a broadcast 
address, resulting in the — improvement — e# improved process 
speed . 

[0064] In this manner^ the decoding unit 34 discriminates 
packets based on the — basis — e# a MAC address described in the 
header of a packet, the MAC address of an information 
processing device 21, and mask bits. 

[0065] Subsequently, the decoding unit 34 detects whether or 
not the above discriminated packets have — been are encrypted. 
If the packets have been encrypted, et decoding process is 
performed with using a decoding key taken eut — e£ — the from a 
key table. For the a broadcast, however, it — is — necessary to 
prepare a common key is prepared which is a decoding key 
shared by that is common to a plurality of MAC addresses. 

[0066] The receiving apparatus 21 employing the present 

invention judges whether to use a common key— using the 
section that is the 6th byte from the highest- fr, namely bit D7 
of the second byte on the second line in Fig. 3-H — This — is- 
called — "CKI" — (Common — Key — Indicator) — ift — the — present — invention . 
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■i-fe — ±-s — stipulated — that, — when — fehe — CKI . This value is called a 
Common Key Indicator (CKI) ■ When the CKI value is "1", an 
individual key is used 7 — which and is extracted from the key 
table by means — e# using the register MR, the MAC address, and 
the mask bit 7 — and that, — when . When the CKI value is "0", the 
common key is used regardless of the setting of the key table. 
In the DVB data broadcast specifications^ the CKI is defined 
as a "reserved" bit with "1" taken as feke its value. A common 
key being is considered fee — be — rather a special processing 
method when compared to an individual key, the — agreement — with 
the — DVB — data — broadcast — specif i cations — ±-s — attained — by — fehe 
stipulation so that stipulating that a common key be used when 
the CKI is "0" attains agreement with the DVB data broadcast 
specifications . 

[0067 ] A lthough a special storage area may be prepared for a 
soaring, common, key, it., is desirable — fee — share preferable to 
store the data on a special line eft in the key table, ma king 
so that the read-out process common — fee is the same as for an 
individual key es — well — as — enabling — fefee — effective — t*se — e# and 
more efficiently uses the storage area. Preferably^ the 
starting line, namely the first line should — be , of the key 
table is designated as the special line. Because the first 
line docs — exist exists regardless of the number of lines n of 
the key table ^se — that^ it is possible to retain or retrieve 
the common key without changing the order of the procedure 
regardless of feke — existence — e£ whether receiving apparatuses 
with exist that have different values of n. 

[0068]¥ ke— Fig. 5 shows the structure of the key table 37. The 
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^MAC address #1^ denotes fe£e a 48-bit MAC address described on 
the first line of the key table, the "mask #1_^ denotes a mask 
bit — a magic bit — corresponding the 48 mask bits that correspond 
to the MAC address #1, and ki Even / klOdd — denote — key — data — e# 
Even/Odd — corresponding — fee — each — MAG — address — #ir — having k p0 dd 
denote even and odd key data of that correspond to the MAC 
address #1, Each of the even and odd key data has a bit width 
m based on an encryption form. The key table possesses — a 
plurality — £ft — pes . ) — e£ — structures — similar — fee — feke — above , — The 
greatest — number — or 1 — upper — limit — is — determined — by — fehe — circuit 
scale — the — key — table — 3-8 — eeft — have . comprises a plurality of n 
such data structures. The circuit scale of the key table 37 
determines the upper limit of the value of n. 

[0069] The MAC addresses and the key data each hets — aft have its 

own independent valid flag 7 ma king — it — possible to manage 

whether . the _ individual values are valid e3? — net — individually , 
so that the individual valid flags can be utilized to 
discriminate MAC addresses as well as key data . Also, because 
the key table has an independent flag for each line, the key 
table may contain vacant lines (invalid — lines) . or invalid 
lines . Accordingly, what — is needed to temporarily nullify the 
information of particular lines temporarily — is — fee — simply makc^ _ 
the Valid bits of the MAC addresses are set to "0", which is 
preferable for a process carried out at high speed. The 

decoding unit 34 decodes packets with using the use e# 

decoding keys thus obtained. 

(1-4) Decode Processing Procedure 

[0070] Next, an explanation of the decode — processing — procedure 
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decoding process for digital streams will be is given with 
reference to the flowchart ift of Fig. 6. The decoding unit 34 
starts the processing , shown at step RTl, and after reading 
writes the 48 bit MAC address of 4 0 bito described in the 
packet header into a register MR , as shown at step SP1, 

and proceeds to the next step SP2 . 

[0071] At the step SP2^_ the decoding unit 34 judges whether the 
value of the register MR is equal to the broadcast address 
(0;crrrrrrrFFFFF) value, namely the value OxFFFFFFFFFFFF . When 
an affirmative result is obtained a4^_ the step SP2, it unit 34 
denotes that the value of the register MR is equal to the 

broadcast address, that is *e — s^f, fchis- the packet is a 

broadcast packet. Skipping the Omitting steps SP3 and SP4, 
the decoding unit 34 moves eft directly to the step SP5. 
[0072] On the other hand Alternat ively , when a negative result 
tee is obtained at. the step SP2 it mcano , namely that the value 
of the register MR is not equal to the broadcast address, that 

ie, this value, the packet is not a broadcast packet. The 

decoding unit 34 then proceeds to the step shown at SP3. 
[0073] At thcAs step SP3 shows, the decoding unit 34 searches 
each line e» of the key table from ttl line in order on the 
baoio — of the 37, starting from line #1, using the above 

expression (1) to chcclc to — see — wheft determine whether the 

Valid bits are — (namely, of value "1", namely wh ether the 
line is in a valid state^ and whether there cuiotn valid 
lines exist where the register MR and the MAC address are 
equal ift for all the bits ift of a section having the mask bit 
of value "1". 
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[0074] When an affirmative result is obtained at the step SP3, 

it — means — that there — exists lines — lines exist where the 

register MR and MAC address are equal in all the bits if* of a 
valid section having the mask bits of value "1", then and the 

decoding unit 34 goes ©ft proceeds to tfee step SP5. 

Alternatively, when Whereas , a negative result 7 when is 

obtained at — feke — stop — SP3 , — indicates — that _g_ there is no line 
where the register MR and the MAC address is are equal if* for 
all the bits if* of a valid section having that have the mask 
bits of value AX 1". Then, the decoding unit 34 proceeds to the 
step SP4. 

[0075] A t thc As shown at step SP4 Z _ the decoding unit 34 creates 
a Hash value out of the MAC address described in of the packet 
header with — tfee — ttee — e# using a Hash functionT — with which and 
uses the Hash value to retrieve a specific Hash table ie 
retrieved,, and it is — judged whether a bit corresponding to the 
Hash — value — is — " 1 " . value bit. The decoding unit then judges 
whether the Hash value bit has a value of " 1 " . 

[0076] A — negative result at t4*e step SP4 , when — obtained, 

indicates — that When a negative result is obtained, the bit of 
the Hash table is- has value ^0" 7 — af*d which indicates that this 
the packet is not a packet that a receiving apparatus 21 is to 
receive 7 — then . Then, the decoding unit 34 proceeds to tke 
step SP13 and destroys that eliminates the packet 7 — terminating 
the and terminates processing , as shown at the step SP14. 

[0077] On the other hand, when an affirmative result is 
obtained at — t-ke — stop — SP 4 , — it — means — that^ _ the bit of the Hash 
table is has a value of "1", and this thus the packet is a- 




packet one that the receiving apparatus is to receive. The 
decoding unit 34 movco — eft then proceeds to the step shown at 
SP5. 

[0078] At: — t-feeAs step SP5 shows, the decoding unit 34 judges — eft 
tfee — basis — e£ — tfee — values determines, based on the value of 

lower bits of the -PS€ (-Payload Scrambling Control -) (Fig . 

•3-)- ( PSC) of the packet header shown in Fig. 3, whether the 
packet fees — been is encrypted. When a negative result is 
obtained at the step SP5, it — means — that the lower bits of 
value are "0", that is— the packet has is not been encrypted. 
Then, — tfee The decoding unit 34 then proceeds to the step shown 
at SP14 and ^_ transfers the packet to the checker 35 at a — later 
stage without performing — aft any encryption cancel processing, 
terminating the and terminates processing. 

[0079] Whereas , When an affirmative result efc — fcfee — step — SP5, 
when _ is obtained, indicates — that the lower bits are of value 
"1", namely the packet fees — been is encrypted. The decoding 
unit 34 then moves on to the shown at step SP6. 

[0080] A t — t-feeAs shown at step SPe^ the decoding unit 34 judges 
eft — fefee — basis — e£ determines, based on the value of the CKI 
(Fig. — 3^- in the packet header shown in Fig. 3, whether the 
packet fea-s — been is encrypted with — tfee — t*ee — e# using a common 
key. When an affirmative result is obtained et — tfee — stop — SP6, 
it means — that , the CKI is of value "0", that — ie-r namely the 
packet has been encrypted with the — eee — e# using a common key. 
Then, the decoding unit 34 proceeds to the step shown at SP7— 
and substitutes a value of denoting a common key for the 

register k_^ while retaining the retrieval numbers of the keys, 
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moving on and then proceeds to the step shown at SP10. On the 
other hand, when a negative result is obtained efe — fetee — step 
SP6 , — tfe — means — that^ _ the CKI is of value "1", that is— the 
packet has been encrypted with — t-he — t*ee — e# using an individual 
key, then and the decoding unit 34 proceeds to the steps shown 
at SP8 . 

[0081] A fe — feheAs step SP8 shows, the decoding unit 34 searches 
the key table, a — line — after — another, — based — en=* line by line, 
using the expression (1), and determines whether there — exists 
a MAC address coinciding exists that coincides with the 
register MR eft of the key table. -Pfe — should — fee — noted — that 
packets Packets , which should not be received as a result of 
the discrimination fey — means — e# operation using the Hash table 
of the step^ SP4— are allowed to pass should when the Hash 
values happen — fee coincide. However, because those these 
packets are re-discriminated at the step SP8, no decoding 
processing is carried out eft — them — erroneously . Also, note 
that since because the packets that are not encrypted will not 
pass through the step SP8, they are destroyed at eliminated by 
a subsequent circuit or by the information processing device 
22. 

[0082] The searching — e£ — fefee key table is performed searched 
from the first line e^ — fefee — key — table — aftd — en-? — aftd — checking — ±-& 
repcated until a first coincidence is encountered. Here, — a- A 
valid address means indicates that the Valid bits shown in 
Fig. 5 are in an activated state. As an example, assuming 
that an active state is referred to the state where the Valid 
bits are of value "1", -tfe — ±-s — reckoned that information on the 
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lines with Valid bits of value "0" is invalid. Fe*= — example 
Thus , when the Valid bits of the MAC address#2 are "0", those 
the values are not referred to no matter what value is get 
assigned to K2Even^ K^odd- 

[0083] When a negative result is obtained at the step SP8, irfe 
indicates — that there are no MAC addresses coinciding with the 
MR eft o_f the key table, and that — this the packet is not et 
packet one that the receiving apparatus 21 is to receive. 
Then, — fehe The decoding unit 34 then proceeds to the step shown 
at SP13, and destroys the packet, thereby terminating the 
processing , as shown at the step SP14. 

[0084] On the other hand, when an affirmative result is 
obtained a-fe — fehe — stop — SP8 , — ife — indicates — that — there — exist , MAC 
addresses exist that coincide with the MR7 — and which indicates 
that those the packet are packets ones that the receiving 
apparatus 21 is to receive. The decoding unit 34 moves — eft 
proceeds to the step shown at SP9— and substitutes^ for the 
register k_^_ the retrieval numbers of the keys with which the 
MAC addresses coincide under the condition of expression (1), 
and then the unit 34 proceeds to the step SP10. 

[0085] Afe As shown at the step SP10_^ the decoding unit 34 
judges^_ based on the higher bits of the PSC_^_ whether this the 
packet fchs — been is encrypted with either a key in an Even 

period or with a key in an Odd period. it is fee — be 

stipulated, — for example, — that when When the higher bits of the 
PSC are of value "0", the packet is encoded with a key in an 
Even period, and — ift — aft — Odd period. when the higher bits of 
the PSC are of value "1", the packet is encoded with a key in 
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an Odd period. 

[0086] When the higher bits of the PSC are "0", the decoding 
unit 34 retrieves from the — key table a key in an Even period 
from the key table and allocates the values of Valid bits of 
KiEven oriontod to the MAC address #1 coincided . When the 
higher bits of the PSC are "1", the decoding unit 34 retrieves 
from the — key table a key in an Odd period from the key table 
and allocates the values of Valid bits of K i0 dd oriontcd to the 
MAC address #1 coincided, — and then . Then, the unit 34 proceeds 
to the step shown at SP11. 

[0087] A t — fefeeAs step SP11 shows, the decoding unit 34 judges 
whether the value of the Valid bits retrieved are "1" (namely^ 
namely whether the function Valid (k, E0)=1-K When a negative 
result is obtained at the step SP11, it denotes that Valid (k, 
EO) is- equals "0", that isT — even though the packet has been is 
encrypted, there — exists no valid decoding key (individual key) 
exists ■ The decoding unit 34 then proceeds to the step shown 
at SP13— and destroys the packet, terminating the processing 
at the step SP14. 

[0088] Whereas , When an affirmative result a^fc — feke — step — SP11, 
when — obtained, — indicates — that is attained, namely Valid (k, 
EO) is- equals "1", that is 7 — there — exists a valid decoding key 

(individual key) 7 aftd — then exists, the decoding unit 34 

proceeds to the step shown at SP12. As At — fefee step SP12 
shows, the decoding unit 34 retrieves a key (k, EO) from the 

key table 37 a key EO)-, namely a decoding key 

corresponding that corresponds to the k th EO, with which the 
packets are decoded and output — to the — check later outputted to 
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be checked at a later stage, thereby terminating the 
processing at the step SP14. 

[0089] Thus, the decoding unit 34 performs packet decoding 
processing ouitablc for each distribution — mode of the uni- 
cast, multicast, and broadcast ee — fehe — basis modes based on of 
the key table 37 and the Hash table. Because the retrieval 

processes (steps fee SP13) if* the foregoing decoding 

processing — ef — decoding — keys — a^e — performed — independently key 
retrieval processes, shown at steps SP5 to SP13, are performed 
independent of the discrimination processes (steps SP1 to SP 4 ) 
of the MAC addresses, shown at steps SP1 to SP4, encryption 
processes can may also be performed on the broadcast 
addressesT — feee. In this case, two common key setup methods 
can be considered; — 1st method are possible: (1) where a common 
key is designated as ar the decoding key with which fee 
communicate with corresponds to the broadcast address, and 2nd 
method (2) where the broadcast address is registered — stored 
in the key table as fe-he a MAC address oriented and corresponds 
to an individual key. private key. 

_[00j)0Jj£he — lefe Using method (1), the system does not consume the 
storage area of the key table 37, but the system must share a 
common key with other broadcasts . — The — 2nd — method — does — consume 
modes. Using the method (2), the system consumes the storage 
area of the key table 37— but is — able — fee — sefe- sets up a 
decoding key dedicated to fe-he a broadcast. 
(1-5) Operation and Effect in this Embodiment 

[0091] Structured — as — described — hithcrto Thus , the decoding unit 
34 also discriminates packets having the broadcast address 
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("OxFFFFFFFFFFFF) value, namely "OxFFFFFFFFFFFF, based on the 
MAC address dcocribcd stored in each packet of the received 
data stream D31 received ^ and also the unit discriminates the 
packets — — ttee multicast and uni - cast packets by checking the 
MAC addresses using mask bits. At this time the The decoding 
unit 34 also calculates the Hash values of the MAC addresses, 
based on which the packets of the multicast and uni - caot which 
determines the uni-cast packets that are discriminated. 
[0092] Then, the decoding unit 34 detects whether the 
discriminated packets have — been are encrypted, and when they 
have — been are encrypted, decode processing is perform — with 
performed using a decoding key taken e^fe — a# from the key 
table. At this time_^ the decoding unit 34 judges^ based on 
the CKI of a packet by>_ which key— is to be used, namely 
whether the packet wae is encrypted using a common key or a 
private key, and the packet is decoded with either the common 
key or private key according to the result, accordingly . 

[0093] According fee fehe structure described hitherto, aA 

specific MAC address value is used defined as the broadcast 
address, and only e part of the bits of the MAC address is 
checked using the mask bits so that various reception controls 
are available -fe*- such as for broadcast, multicast, and uni- 
cast. Also, the feit- number of a- MAC address bits is reduced 
with — fehe — **se — e# using a Hash function, and packets are 
discriminated with using the reduced MAC address, so that the 
circuit scale of the decoding unit 34 can be reduced. 

(1-6) Other Modes of Embodiment 

[0094] In the foregoing embodiment a — feirfe — ef — which — mask bit — i-& 
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located — a^fe — ^^-3=-^ — i-s — oub j cctcd — fee — fe-he — target — e-£ — comparioon — e£>_ a 
bit whose corresponding mask bit is -"1" is compared with MAC 
addresses. However, the present invention is not limited to 
ife using such bits , but to the contrary, a bit e£ — which whose 

corresponding mask bit is aVO" may fee fefee target e# 

comparison . instead be compared. 

[0095] Also, in the foregoing embodiment^ a packet is destroyed 
when the retrieval result eft retrieved from the Hash table 
turno — out is "0". However, the present invention is not 
limited — art- thereto , but to the contrary^ the Hash table may 
be set up so that a packet is destroyed when the retrieval 
result e# retrieved from the Hash table turno — &e£r .is "1". 
[0096] Furthermore, in the foregoing embodiment^ the MAC 
address #6^ is designated as the broadcast address, but the 
present invention is not limited te — art-7 — but thereto. Thus, 
another MAC address "OxFFFFFFFFFFFF" having a value other than 
^-hjrs- " OxFFFFFFFFFFFF" may be designated as the broadcast 
address . 

[0097] Furthermore, in the foregoing embodiment^ processing is 

performed in the order of trhe discrimination e# first 

discriminating broadcast addresses in the decode process (Step 
SP2) , then checking e# MAC addresses on the key table (Step 
SP3) , and retrieval — ef- thereafter retrieving the Hash table 

(Step SP4). However, the present invention is not thus 
limited ^re — arter y, and decode processing may be carried out in 
another order. 

[0100] Furthermore, if* the foregoing embodiment explanation — i-s- 
given — on the — case is explained where the present invention is 
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applied to a satellite data transmission system. However, the 
present invention is not thus limited te — 1*7 — but and may be 
applied to other data transmission systems such as a cabled 
Internet, for example. 
(2) Second Embodiment 

[OlOlj g^eFig . 7 shows a structural example of efte another 
embodiment of a broadcasting system employing of the present 

invention. (Note that Here, the system here means that 

comprises a plurality of devices that are logically assembled— 
a^td — it — does — ae* — matter regardless of whether each — device — is- 
the devices are housed in the same housing. ) housing. 
[0102] In the embodiment shown in Fig. 7 a — broadcasting ^ a 
broadcast system consists — e# includes a transmission system 
101, a satellite 102, a reception system 103, and a network 
104. To avoid the unneeded complexity of the — figure — fci^e^ only 
one reception system (reception system 103) — for the — 3-Q-t 103 is 

shown in Fig. 7t however , though two or more than — two 

reception systems may be employed. 

[0103] The transmission system 101 comprises a control device 
111, a data server 112, a transmission processing device 113, 
an antenna 114, a circuit connection device 115, and a cable 
II67 — a**d — fehe^ The control device 111, the data server 112, 
the transmission processing device 113, and the circuit 
connection device 115 are connected to each other with via the 
cable II67 — which — constitutes — a — LAN — f as part of a Local Area 
Network (LAN ) . 

[0104] The control device 111 lets enables the transmission 
processing device 113 to supply data te — be — distributed — if* for 
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distribution by satellite broadcasting transmission by its 
controlling the data server 112. Also, the control device 111 
controls and lots permits the circuit connection device 115 to 
obtain data — be — distributed — if* — satellite — broadcasting from 
an external network 104_^ such as via the Internet, and lets 
the transmission processing device 113 provide it the data . 
Furthermore, the control device 111 controls various processes 
in the transmission processing device 113. 

[0105] The data server 112 retains data that is to be 
distributed if* by_ satellite broadcasting, transmission and 
supplies necessary data to the transmission processing device 
113 under the control of the control device 111. The 
transmission processing device 113 packets the data that is 
supplied from the data server 112 and from the circuit 

connection device 115 into ( Internet — Protocol ) Internet 

Protocol (IP) packets under the control of the control device 
111, and furthermore the device 113 blocks the IP packets into 
data blocks called — a — section — described — fey — th-e — describer — based 
ee — t-he — multiprotocol — Encapsulation — regulated — if* — e.g. — j_ known 
as sections, according to the multi-protocol encapsulation 
standard defined in, e.g., EN 301 192 VI. 1.1 (1997-12), the 

DVB specification for data broadcasting ETSI (-European 

Telecommunications Standards Institute -)-: — And, — fefre (ETSI) for 

data broadcasting . The transmission processing device 113 

divides a section into payloads each having a given length, 
and each payload is appended with the header of a packet 

forming — a — transport — stream — ( referred — te — a-s — a — ¥S (Transport 

Stream) ) , — resulting — if* — fc4*e — formation — e£ — a — packet — e£ — a — kind — e# 
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¥S — paclcct , fee — which — further — processes — ouch — as — to form a 

transport stream (TS) which is further processed, such as 
using modulation and amplification arc — applied, — , and which is 
finally transmitted as satellite broadcast waves via the 
antenna . 

[0106] Also, the transmission processing device 113 has the MAC 

address of each of terminals 124i, 124 2/ ■ • (-a-s-, shown in Fig. 

7, as well as of terminals forming — a — reception — system not 
shown in Fig. 7-) — f orming^ to form a reception system 103 7 — a**€L_ 
The device 113 includes an encryption key table storage unit 
113A for storing an encryption key table in the form of a 
diagram oriented to the encryption key assigned to each MAC 

address (Media Access Control) . Note that aii. All the 

encryption keys assigned to each of the MAC addresses are 
basically different. However, the same encryption keys may be 
assigned to some of the MAC addresses. 

[0107] Just — for additional — information, — fefee The MAC address is a 
system of aft — address — applicable addresses according to the 

IEEE (-Institute of Electrical Electronics Engineers f (IEEE) 

802.3 standard , etc., and is an individual value of 48 bits 
for each communication port. The 48-bit MAC address ef — 4-8- 
bits — consists — e£ — feke includes a higher half 24 bits being 
which are an identification number of a manufacturer - f (or 
vendor) registered to and supervised by the IEEE7 — and — thc ^ 
The lower half 24 bits being are a device identification 
number supervised by each vendor. Using the MAC address, an 
address of each of the terminals 124i, 1242, • ■ " can be 
specified . 
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[0108] According to the foregoing multiprotocol encapsulation, 

-tft — the — header — — a — section (section — header) ±-s — arranged 

located within the section header is the MAC address ef — a 
terminal that serves as the address of a- the terminal 124± that 
is to which receive the data arranged stored in the payload of 
a section io distributed . When it is necessary to encrypt the 
data arranged located in the payload e£ — a — section, — namely an 
such as for an IP packet here , the transmission processing 
device 113 retrieves an encryption key assigned to the MAC 
address of a terminal 12 4i as an address to be arranged in the 
header of a section the terminal 124 j for arrangement within 
the section header. The encryption key is retrieved from the 
encryption key table stored in the encryption key table 

storage unit 113A 7 with — fefee — **se — — which and is used to 

encrypt an IP packet arranged in the payload of that section 
is to be encrypted . 

[0109] The encryption key table may be of the same type €H§ as a 
key table that of a receiving apparatus 122 (to be — described 
later) — has, or may be of a different type. In this instance, 
^ The encryption key table is- may be incorporated into a 
transmission system IOI7 — however, — it or may be stored in a 
server (not shown in figurc) j_ in a network 104 7 — which may be 
and retrieved for use through t+te a circuit connection device 
115 as occasion arises . 

[0110] Comprising a modem, TA (Terminal Adaptor) , a**€i 
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(Digital Service Unit) , etc . &ene- 
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circuit connection device 115 performs carries out 
communication control over the network 104 . 

[0111] A reception system 103 consists — e# includes an antenna 

121, the receiving apparatus 122, the circuit connection 
device 123, the terminal terminals 124i, 1242, * * • / and the 
cable 125t — a**d — t-h-e . The antenna 121, the receiving apparatus 

122, the circuit connection device 123, and the terminal 
terminals 124i, 1242, • " ' are connected to each other with via 
the cable 125 to form a LAN such as the an 
Ethernet (trademark) , ,™ for example. 

[0112] The receiving apparatus 122 and the terminal terminals 
124i, 1242,""" are may be computers, for example. Though i» 
this — instance, the receiving apparatus 122 and the terminal 
terminals 124i, 124 2 ,-'-are shown connected to each other with 
the cable 125 to form a LAN, but they may instead be connected 
directly- Furthermore, the receiving apparatus 122 may be a 
board that can be inserted into a slot of a computer such as a 
terminal 124i- Also, the receiving apparatus 122 and circuit 
connection device 123 may be constituted in a singular 
computer . 

[0113] Satellite broadcasting broadcast waves transmitted from 
the transmission system 101 via the satellite 102 are received 

by the antenna 121 7 which and are fed to the receiving 

apparatus 122. The receiving apparatus 122 applies — a — process 
— be — described — later — processes the received signals, and 
the resultant data of which is supplied to a specific terminal 
124 ± . 
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[0114] Formed — similarly Similar to the circuit connection device 
115, the circuit connection device 123 is — designed to perform 
performs communication control over the network 104. 
[0115] Each terminal 124i, 124 2 , • • - is- may be a computer, for 
example, and which receives necessary data from the receiving 
apparatus 122, and conducts such processes such as displaying, 
outputting, and storing the data. 

[0116] Next , explanation ±-s given e« — aA data transmission 

process performed by the transmission system IOI7 — referring is 
described with reference to a flowchart shown in Fig. 8. 
[0117] First , as shown at fe-he step SPlOl^ the control device 
111 judges whether there exists — data to be transmitted data is 
present for transmission to a terminal 124j.. The control 
device 111 uses Having a schedule table with comprising a 
schedule to be transmitted described on — ±^- f — t-he — control — device 
111 judges — based on, that — schedule — table — whether — there — exists 
data to be transmitted to the terminal — 12 4 i , — The terminal — 12 4 i 
irs — designed — fee — be — capable — e£ — demanding to judge whether such 
data exists. The terminal 124 j may demand data from the 
transmission system 101 over the network 104 by controlling 
the circuit connection device 123, and the control device 111 
judges — whether — there — exists — data — fee — be — transmitted — fee — the 
terminal — 12 4 i , may judge whether such data exists depending 

upon whether such a demand is received by the circuit 

connection device 115 receives such a demand over the network 
104 . 

[0118] When it is judged at the step SP101 that there exists no 
data — fee — be — t ransmitted data for transmission to the terminal 
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124i exists , the control device 111 proceeds to the step SP102 

and judges whether to change a period. The if* tke 

transmission system 101 4rt is designed ouch that with 

encryption keys dcocribcd eR the that are held in an 

encryption key table in the encryption key table storage unit 
113 and that are renewed periodically or in irregular periods , 
where — a intervals. A period in which encryption — ts — performed 
data is encrypted using an encryption key obtained as a result 
of a renewal every other time starting from a second time, for 
example, is called an Even period 7 — aftd — where — a. A period in 

which encryption i-s performed — with the t*ee e# data is 

encrypted using an encryption device obtained as a result of a 
renewal every other time starting from a first period is 
called an Odd period. Accordingly, — with Even periods — and Odd 
periods — alternating, — art — i-s — judged — at — the — step — SP2 The control 
device 102 judges , at the step SP 102 whether it is the time to 
change from an Even period to an Odd period— or to change from 
an Odd period to an Even period. 

[0119] When it — irs — judged the control device 111 judges that a 
period is not to be changed, namely, that it isT — continuing to 
continue to encrypt data with using the «ee — ef — aft encryption 
key presently being used presently — ±& — encrypting , it returns 
to the step SPIOI7 — resulting — i-n — repetition — e£ — the — foregoing 
processes . When — art — is — j udged to repeat the process. When the 
control device judges that a period is to be changed et — the 
step — SP102 , — that — is-? — changing — from an Even period to an Odd 
period— or from an Odd period to an Even period, it proceeds 
to the step SP103— where the control device 111 replaces an 
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encryption key stored ef* in the encryption key table with an 
encryption key previously created at the step SP104 te — be 

described later . this wa-y encryption is performed 

thereafter with the t*se e£ the renewed encryption key^ 

Encryption at the transmission processing device 113 is 
thereafter performed using the encryption key — 

[0120] At the step SP104_^_ the control device 111 creates -fen? 
obtain) or obtains an encryption key that is to be used for 
the next period 7 — which is — supplied and supplies the key to the 
transmission processing device 113— which transmits it as the 
decoding key. Then, it the control device 111 returns to the 
step SP101 , — where — processes — similar — te — those — if* — the — foregoing 

case a*e repeated. Fe^ additional information, the 

transmission — e£ — a shown at SP101. The transmission of the 
decoding key may be carried out over a network as well as via 
the satellite 102. 

[0121] That is, — whcn When a new decoding key used for use in the 
next period is transmitted to a reception system 103 j ust 
before the start of the next period, it may happen is possible 
that the setting of a new decoding key may not be sent in time 
for the start of the next period. i I L e — cope — with — it? — if* — this 
embodiment — a Therefore, the new encryption key used in the 
next period is arranged — fee — be distributed to the reception 
system 103 in just the during a previous period. 

[0122] On the other hand, when it — is — judged — that — there — exists 
data the control device judges that data exists to be 
transmitted to a terminal 124i, the control device 111 lets the 
transmission processing device 113 transmit the data fee — fee 
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transmitted by controlling the data server 112 or the circuit 
connection device 115. Upon the receipt of the data supplied 
from the data server 112 or from the circuit connection device 
115, the transmission processing device 113 packets it the 
data into IP packets— and it proceeds to the step shown at 
SP105. 

[0123] The transmission processing device 113 judges , as shown 
at the step SPIOS^ whether it is necessary to encrypt the IP 
packet, and when it is j udged — as — one not necessary t-e — be 
encrypted, — it^ the device 113 proceeds directly to the step 
SP108 , skipping the steps SP106 and SP107 . 

[0124] Whereas, — whcn When the IP packet is judged at — fei*e — step 
SP105 as one needed that is to be encrypted, it the device 113 

moves on the step SPIO67 then — the — information — processing 

device — and retrieves an encryption key assigned to the MAC 
. address of a terminal 124i to be the — address — of that — IP packet 
from the encryption key table 7 — and goes — on to — the. Then, step 
SP107- — At — fefee — step — SP107^ the transmission processing device 
113 encrypts the IP packet with using the key retrieved at — fefee 
stcp SP106, key and proceeds to the step SP108. 

[0125] A£ — the As step SP108 shows, the transmission processing 
device operates uses a CRC — (-Cyclic Redundancy Checking -) — code 

(or, — check — sum) — with — regard — te code (CRC) or checksum on the 
IP packet. As a result, a section as shown in Fig. 9 (A) (A) is 
formed with — that having the IP packet as the payload appended 
with — a , the CRC code at the its bottom^ and a- the section 
header at the its top. A stuffing byte is inserted between 
the payload and CRC^ if needed. 
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[0126] The section header is composed of 3 bytes (96 bits)^ as 
shown in Fig. 9 (B) (B) . Detailed explanation of the section 
header is omitted hero — a-s — ife — ts- described in the foregoing EN 
301 192 VI. 1. 1 (1997-12) standard , but it should be noted that 
a MAC — address — — 4-8 — bit o — fee — become — a** — address — ±s — arranged 
between — fe&e — MAG — address — 1 — a**d 48-bit MAC address is divided 
among the MAC addresses 1 to 6. Arranged at the MAC address 1 
are -8 — bits eight of the highest bits of the MAC address, and 
arranged at the MAC address 2 are the next highest -8- eight 
bits. Similarly, -8- successive eight bits of the MAC address 
are arranged at each of the MAC addresses 3 to 5_^_ 
respectively, and with the lowest 8 bits of the MAC address 
located at the MAC address 6. 

[0127] A fter constituting a data section, the transmission 
processing device 113 divides that section into payloads each 
having a. given length 7 — af*et — performs — encapsulation — fee — form — a 
packet of the TS packet type by appending to each payload^ The 
processing device then encapsulates the payload to form a TS 
type packet by appending the header of the TS packet forming a 
to each payload to form a MPEG 2 transport stream of MPEG — 
Then, the transmission processing device 113 proceeds to the 
step SP109, where such — necessary — processes — a-s- modulation and _^_ 

amplification, etc. are applied fee carried out on the 

resultant packet 7 (which . The packet is called a TS packet 

hereinafter &enr — this because the packet can be basically 

processed in a similar way as for the TS packet-)-? — which . The 
TS packet is transmitted as satellite broadcasting waves from 
the antenna 114, and then -tfe the device 113 returns to the 
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step SP101. 

[0128] ^f* As shown in the section header shown — if* — Fig . — 9 — (B) , 
the — B&G — (payload_acrambling_control ) — of 2 bits in Fig. 9(B) , a 
payload scrambling control (PSC) of 2 bits length is located 
at the 43rd bit and 44th bit — from the — first — is to bo bits One 
bit is used, for example, as tke an encryption judgment flag 
to indicate whether data arranged in the payload of the 
section has — been is encrypted^ and the other bit is used as a 
period judgment flag t-e — denote — which — period, — Even — e^r — Odd, — the 
data — i-s — in . that denotes whether the data is in and Even or 
Odd period. 

[0129]^ — be — concrete, — fe^e — example Specif ically , the lower bit 
of the PSC is used as the encryption judgment flag, — being and 
has the value 1 when the data has been encrypted— and has the 
value 0 when the data is not encrypted . The higher bit of the 
PSC- is used as the. period judgment flag 7 — being and is of value 
0 in an Even period— and of value 1 in an Odd period. 
However, — it — is — possible — fee — t*se Alternatively, the higher bit 
of the PSC may be used as the encryption judgment flag, and 
the lower bit may be used as the period judgment flag. It is 
also possible to ma kc assign the assignment values of 0 and 1 
e-s- to the encryption judgment flag and the assignment of 0 and 
-1 — ets- to the period judgment flag by to have the reverse method 
opposite meanings of the above case . 

[0130] In the EN 301 192 VI . 1 . 1 ( 1997-12 ) it is stipulated that 
standard, when the PSC is of value OOB-f^ where B indicates 
that the value arranged shown before it is a binary number-)-, 
data has not been encrypted. Accordingly, it is preferable to 
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ma kc define the encryption judgment flag tc> be of value 1 when 
data has been encrypted— and of value 0 when not encrypted , 
resulting in the conformity with the DVB specification e# 

the DVB . 

[0131] A s described hitherto above , in the broadcasting system 
shown in Fig. 7, since data is encrypted with the use of using 
an encryption key assigned to the MAC address inherent 
corresponding to each terminal 124j . Thus , each terminal 124± 
can be controlled with regard to reception, thus thereby 
realizing the an ultimate conditional access mechanism. 
[0132] A s — fee — the — method — fce> — rcalizc The Japan Patent Laid Open 
No. 215244/1998, by the applicant of the present invention, 
discloses in detail the method of realizing a conditional 
access mechanism for performing exact reception control by 
assigning an encryption key to the value inherent to the 
receiving . side^. such as a MAC address or an IP address, 

details a-^e disclosed — if* — tfee — Japan — Patent — Laid — Open — Ne-r 

2152 44/1998 applied — by fefee applicant &€ this invention . 

However, with_ . However, the communications satellite 

broadcasting of Japan conforming conforms to a specification 
derived from the DVB - SI — (-Digital Video Broadcasting - Service 
Information / EN300 468 -)-?- ( DVB-SI ) , and the use of the MAC 
address is to conform conforms to that specification. 
[0133] Next, the Fig. 10 shows a structural an example of a- the 
structure of the receiving apparatus 122 shown in Fig. 7. 
[0134] The antenna 121 receives satellite broadcasting waves 
transmitted from the transmission system 101 via the satellite 
102, and the received signals are output outputted to a front- 
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end unit 131. The front-end unit 131 selects the signal of a 

specific channel from among the signals coming through 

received by the antenna 121 under the control of a CPU 134 , 
which and the signal is further decoded to a digital 

stream ( I P_datagram_data_bytc ) s such as an 

IP datagram data byte of a TS packet^ and 4=s — output delivered 
to a demultiplexer 132. The demultiplexer 132 extracts a 
specific TS packet etit — e^- from the digital stream coming from 
the front-end unit 131 / also under the control of the CPU 134, 
and ±s — output sends the TS packet to a decoding t5-£ — (-Large 

Scale Integrated Circuit ) 133 . That ±-s fee oay , fefee 

dcmultiplxcr — 3^2 — makes — a — selection — e# — 3 L S — packets — eft — t-he — basis 
e-f — a — — (Packet — Identification) (CSI) Circuit 133. That is, 
the demultiplexer 132 selects TS packets based on the Packet 
Identification (PIP) arranged in the header of a — — packet 
forming - a digital — stream, — coming — from the — front - end unit 131, 
and — outputs — the — only — selected — 5^5 — packet the TS packet, and 
outputs only the selected TS packets to the decoding LSI 
device 133 . 

[0135] The decoding LSI device 133 is a one-chip LSI consisting 
e£ device comprising a filter 141, a decoder 142, a key table 
storage unit 143, a checker 144, and a FIFO — (-First In First 
Out (FIFO ) buffer 145. 

[0136] The filter 141 examines the data, i# when needed, that 
is arranged in the payload of a section composed comprised of 
TS packets coming received from the demultiplexer 133 , 132 , 
destroys feke unneeded TS packets, and outputs — t4*e — delivers 
only the needed TS packet to the decoder 142. 
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[0137] The decoder 142 decodes data — (hero, — IP packets) the IP 
packets arranged in the payload of a section consisting of the 
TS packets coming that come from the filter 141 with — the — t*s-e 
e# using a decoding key stored in the key table storage unit 
143, and outputs the resultant to the checker 144. Also, as 
explained i» regarding Fig. 8, with an encryption key is^ 
renewed in the transmission system 101, and when the renewed 
encryption key is transmitted, the decoder 142 renews the 
content stored — if* of the key table storage unit 143 with using 
that encryption key as the decoding key and under the control 
of CPU 134. Accordingly, the common key cryptosystem is used 
as the encryption method ift — this — instance . However, the 

public key cryptosystem 7 too, may also be used as an 

encryption method. 

[0138] The key table storage unit 143 stores a key table onto 
in which the MAC addresses corresponding to the terminals 124 lf 
1242, — ' ' ' / — which — a^ee — connected — te — each — other — with — the — cable 
125 , — aftd r. . . , and in which decoding keys assigned to the MAC 
addresses are registered in correspondence with each other. 
[0139] The checker 144 performs error detection on the IP 
packets output outputted by the decoder 142 7 — with — fe&e — ttse — ef- 
using the CRC code of a section arranged located in that IP 
packet, under the control of CPU 134, thus — judging to judge 
whether decoding is performed correctly in the decoder. The 
IP packets processed if* by the checker 144 are fed to the FIFO 

buffer 145t which that temporarily retains the IP packets 

coming — from — fehe — checker — 1 44 , and outputs i^ them to the 3r/-£ 
(Interface) Interface (I/F) 135 under the control of CPU 134. 



This process results in adjusting the data rate of the IP 
packets . 

[0140] The CPU 134 controls the front-end unit 131, the 
demultiplexer 133, the decoding LSI 133, and the I/F 135. The 
I/F 135 functions as the an interface — supply that supplies 
the IP packets from the FIFO buffer 145— to a terminal 124± 
through the cable 125 under the control of CPU 134. 
[0141] Next, — t-heFig. 11 shows a — structural an example of the 
structure of the key table stored in the key table storage 
unit 143 in Fig. 10. 

[0142] The key table -±s — made — up — e# contains the same number of 
entries as that of terminals 124i, 1242 •» connected — fee — the 
cable — 3r*5 — for example, — £b — Fig . — 14 — the , , The key table contains 
N pieces units of entries #1 to #N 7 — therefore, — tfi — fe-ke — present 
embodiment, so that the cable 125 is connected to the N number 
of terminals 124i to 124 N . The maximum number of entries on 
the key table is restricted by the storage capacity, etc. of 
the key table storage unit 143. 

[0143] Registered on each entry #i-f£r_ where i =l,2, . . . , N-K_ are 
the MAC address MACaddrcoo #i of 48 bits of a terminal 124i ± and 
a decoding key of m bits-f^. where m denotes a cryptosystem in 

usef L assigned to that MAC address 7 ift — correspondence — with 

each — other . As explained above, ±r — the — present — mode — e# 
embodiment — there — exist an Even period and an Odd period with 
encryption — performed exist with a different encryption key if* 
with each period so that two decoding keys are registered in 
each entry — a. A decoding key (called called an "Even 
decoding key" hereinafter) _^ hereinafter referred to as K E ven#i, 
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is issued to decode data encrypted in an Even period, and e 

decoding — key (called an "Odd decoding key" hcrcinaf tor ) j_ 

hereinafter K odd #j , is issued to decode data encrypted in an Odd 
period. 

[0144] Furthermore, a Valid bit_^ -(-called an "entry Valid bit" 
hereinafter-) — indicating , indicates whether that the entry #i 
is valid and is appended to the head of the MAC address 
MACaddrcos #i of each entry #i. Also, a Valid bit (called ^ 

called a "decoding key Valid bit" hereinafter-) indicating^ 

that indicates the validity is appended to each of Even 
decoding key K Eve n#i and Odd decoding key K 0 dd#i- 

[0145] As to the entry Valid bit and decoding key Valid bit, 
the value "1" denotes valid, and the value "0" denotes invalid 
for example. However, it is also possible to apply — a — method 
reverse have the opposite value to the above case &e — the 
assignment when assigning the value of the entry Valid kit and 
decoding key Valid feirt bits , "0" and "1". 

[0146] As described before, in the transmission system 101^ a 
decoding key equivalent that corresponds to a new encryption 
key used — if* for the next period is te — be distributed to the 
reception system 103 just bncf ore before the next period. 

Accordingly, et an Odd decoding key (Odd decoding key) 

equivalent that corresponds to an encryption key to be used in 
for the next Odd period is distributed in an Even period, and 

ar an Even decoding key (Even — decoding — key) equivalent that 

corresponds to an encryption key — be — used — if* for the next 
Even period is distributed irn during an Q£B Odd period. And, 
ift In the decoder 142, decoding keys that are distributed in 



49 




such a manner are ee£ — tip — (overwrite, — ief — example) — eft retained 
by an overwrite, for example, within the key table . 
Therefore, ±ft — this — caoc, a decoding key that is to be used in 
the next period is set up eft in the key table until before the 
current period terminates. Furthermore, since because the 

changing change of decoding keys accompanying with that 

accompanies the changing change of periods can may be 
performed simply by switching the position (address ) , i.e., the 
address of the key table from which the decoder 142 performs 
retrieving retrieves , without involving CPU34 , it the change 
can be done in a moment, rapidly. 

[0147] Next , — explanation will — fee — given on thc The operation of a 
receiving apparatus in Fig. 10 is now explained with reference 
to a flowchart shown in Fig. 12. 

[0148] The antenna 121 receives satellite broadcasting 
- broadcast waves transmitted from the transmission system 101 
via the satellite 102, and the received signals obtained are 
transformed into the a digital stream of a TS packet — through 
the packets via front-end unit 131 and the demultiplexer 133, 
and arc the signal stream is supplied to the decoding LSI 133. 
[0149] In the decoding LSI 133, a section consisting of TS 
packets output by the demultiplexer 132 is supplied to the 
decoder 142 through via the filter 141. Upon the receipt of 
the section, the decoder 142 sets retains the MAC address 
arranged in the section header %e as a variable MA ^s- in a 
built-in register . 

[0150] The decoder 142 retrieves the stored entry of e the MAC 
address coinciding that coincides with the variable MA by 
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referring to the key table, that — is — fee — oay , — reads — as step SP 
111 shows. The decoder reads, in order, a MAC address 
registered in each entry #i starting from the entry #1 of the 
key table ift — order , and compares (checking) by checking the 
MAC address read and the variable MA to judge determine 
whether there cxioto the entry of a MAC address matching entry 
matches the variable MA , as shown at the step SP112. When it 
is — judged — at — feke — stop — SP112 — that — there — cxioto — ae — entry — e£ — a 
MAC — address — matching there is no MAC address entry that 
compares to the variable MA, namely— when a no terminal having 
a- the MAC address arranged in the section header is not 
connected to the cable 125, the decoder 142 proceeds to the 
step shown at SP113, and destroys the section supplied, 
thereby terminating the processing. 

[0151] Also, when it — is — judged — at — the — step — SP112 — that — there 
cxiots. the there is an entry of a MAC address matching that 
compares to the variable MA, it the decoder 142 proceeds to 
the step shown at SP114 with that the entry regarded it 
regards as the marked entry. 

[0152] The decoder 142 judges^ at the step SP114 JL whether that 
marked entry is valid— based on the entry Valid bit of the 
marked entry. When it — is — judged — at — fefee — step — SP11 4 — that the 
marked entry is not valid, namely when the entry Valid bit is 
"0", the decoder 142 proceeds to the step shown at SP113, and 
destroys the section supplied, thus terminating the 
processing. Thus Accordingly , even when a terminal having — a 
exists that has the MAC address arranged in the section header 
of a section supplied to the decoder 142 is — connected — fee — fefee 
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cable — ±2r&, if the entry of that MAC address is not valid, the 
section is not supplied to fefee that terminal connected — fee — feke 
cable 125 . 

[0153] When the marked entry is j udged — fee — fee — valid — afe — fefee — otcp 
SP11 4 valid , that is— when the entry Valid bit of the marked 
entry is 4^ the decoder 142 proceeds to the step SPll5-r 

and fehe — decoder — 1-4-2- judges whether the data (IP packet) i.e., 
the IP packet in the payload of the section^ has been 
encrypt ed 7 — with — reference — fe e. The decoder 142 judges using 
the lower bit of the PSC (Fig. — 9 — (B) ) of the section header 
shown in Fig. 9(B) , namely the encryption judgment flag. When 
the encryption judgment flag is j udged determined to be w 0" efe 
fehe — otcp — SP115 , that is— when the IP packet arranged in the 
payload of the section has not been encrypted, the decoder 142 

proceeds fee — fehe — otcp — SP119, skipping — fefee — otcpo — SP117 — aftdr 

S PI 1-8 ., — a**d — output o — that directly to the step shown at SP119, 
and outputs the unencrypted IP packet to the FIFO buffer 145 
through via the checker 144, thereby terminating Re- 
processing. The And, — fehe IP packet stored in the FIFO buffer 
145 is then supplied to a terminal 124 ± connected to the cable 
125 through the I/F 135, — which is specified by the MAC address 
in the section header of the section arranged in that IP 
packet . 

[0154] Whereas, When the decoder judges that the encryption 
judgment flag is judged — fee — be — — of value "1", as shown at 
the step SP115, that is— when the IP packet arranged in the 
payload of the section is encrypted, ifer the decoder goes on to 
the step SP116— and the decoder 1 4 2 sets the higher bit of the 
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PSC ( Fig . — 9 — (B) ) of the section header of that section, namely 
the period judgment flag? — fee— shown in Fig. 9(B), to the value 
of the variable EO a^ — being in a built-in register, and then 
proceeds to the step SP117. 

[0155] The decoder 142 judges , as shown at the step SPllT^ 
whether the decoding key Valid bit # (MA, EO) is valid iff 
during a period corresponding to the variable EO in the marked 
entry in which the MAC address matches the variable MA 7 — that 
is-? — if *. That is, the decoder 142 judges during an Even period 
when the variable EO is "0"— and if* during an Odd period when 
the variable EO is "1". When it — is — judged — that the decoding 
key Valid bit # (MA, EO) is not valid, that is— that the 
decoding key Valid bit # (MA, EO) is "0", it the decoder 
proceeds to the step SP113— and tfee — decoder — 3r42- destroys the 
section supplied, thus terminating the processing. 
Accordingly, even when a terminal exists having a- the MAC 
address arranged in the section header of the section supplied 
to the decoder 142 is connected to the cable 125 and the entry 
of that MAC address is valid, if the decoding key if* during a 
period indicated by the period judging flag is not valid, that 
section is not supplied to the terminal connected to the — cable 

[0156] On the other hand, when the decoding key Valid flag # 
(MA, EO) is judged to be valid at the step SP117 , namely when 
the decoding key Valid flag # (MA, EO) is M 0", it the decoder 
proceeds to the step SPII87 — and the decoder — 145 — retrieves — feke 
decoding — key — (MA, — EQ-) — in a period matching the variable EO — if* 
the — marked — entry — where — the — MAG — address — coincides — with — the 
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variable — MA and retrieves , from the key table, the 
decoding key (MA, EO) during a period matching the variable EO 
in the marked entry where the MAC address coincides with the 
variable MA. The decoder decodes the IP packet arranged in 
the payload of the section using the decoding key (MA. EO) — 
and then it proceeds to the step SP119. 

[0157] The decoder 142 outputs the decoded IP packet to the 
FIFO buffer 145 through via the checker 144 at — the_^_ as step 
SP119 shows , and the processing is terminated. Also And , the 
IP packet stored in the FIFO buffer 145 is supplied to a 
terminal 124i connected to the — cable — 125, specified by the MAC 
address in the section header of the section having the IP 
packet through the — I/F 135 . 

[0158] Processes — f ollowing The process of the flowchart in Fig. 
12 is performed every time a section is supplied to the 
decoder. 142. As described hitherto above , the validity of the 
entry is judged based on the entry Valid bit registered stored 
in the entry of the key table, and the output of data to a 
terminal is controlled, so that it is possible to easily 
restricts restrict users (terminals ) or terminals to obtain 

(receive) or receive data correctly. Furthermore, since 
because the data output e£ — data is controlled based — e** by the 
value of the decoding key Valid bit of the key table, it — eeft 
fee — easily — practiced — fee — allow — a — certain — terminal — a respective 
terminal may easily be allowed to receive data in the only one 
period, either if* during an Even period or Odd period, or te 
prohibit — it may be prohibited from receiving data in either 
e**e period. The setting of values of the entry Valid bit and 
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the decoding key Valid bit can be done in a receiving 
apparatus 122 independently, or may be done based on the 
information transmitted from the transmission system 101. 
[0159] In this embodiment, a decoding key4_^ as well as an 
encryption key-K_ is assigned to the MAC address inherent to a 
terminalT — however . However , it is also possible to decide 

define a terminal -J-B ( Identification) Identification (ID) 

inherent to a terminal— and te then assign a decoding key to 

that terminal ID. Furthermore, i^fe i-s also possible to 

determine a group ID inherent to a plurality of terminals may 
be designated , and — assign a decoding key assigned to that 
group ID. However, when assigning a decoding key to a MAC 

address, it i-s possible te easily incorporate an exact 

conditional access mechanism may easily be incorporated, as 
described hitherto, into the outline of digital satellite 
broadcasting based on the EN 301 192 VI . 1 . 1 (1997-12) 
standard, which is the DVB standards . standard. 

[0160] In this embodiment, the one-chip decoding LSI 133 
comprises the filter 141, the decoder, 142, the key table 
storage unit 143, the checker 144, and the FIFO buffer 145— 
however . However , it is also possible to separately form a 
filter 141, decoder— 142, key table storage unit 143, checker 
144, and FIFO buffer 145 as one chip separate chips . However, 
the employment of a one-chip decoding LSI 133 incorporating — a 
filter — 141, — decoder, — 1 4 2 , — key table — storage — unit — 1 4 3, — checker 
1 4 4 , — aad — FIFO — buffer — 14^ — may — increase — t-he increases security 
because the data decoding ef — data is performed within the 
single decoding LSI 133, and is completely sheltered removed 
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from the outside. Furthermore, from — fefee — viewpoint — ef — feke 
reducing — a# to reduce the installation area of circuits and 
high-speed processing, it is preferable to incorporate — the 
filter — 1 4 1, — fch-e — decoder, — 1 4 2 , — t-he — key — table — storage — unit — 1 4 3, 
£4*e — checker — 1 44 , — a**4 — fefee — FIFO buffer — 3r4-5 — into use a one-chip 
decoding LSI 133. 

[0161] Further, in this embodiment, explanation — i-s — given on — the 

case — where data irs diotributcd — fey the digital satellite 

broadcastT — however distributes the data. However , the present 
invention may be applied to such a case where the data is 
distributed by the using a multicast, for example. 
[0162] Further, in the present embodiment, two types of 
periods, namely Even period and Odd period, periods , are 
provided 7 — however . However , it is also possible to not te use 
such periods, or to provide more than two types of periods. 
Likewise, it is . possible to have the only one decoding key or 
more than two decoding keys registered — into associated with 
each entry of the key table . 

[0163] In the present embodiment, data is distributed in a — form 

based on the DVB standards 7 however, However, data may 

instead be distributed in a form, not based on the DVB 

standards. Moreover, Next, a scries e# the foregoing 

processes can may be performed not only with hardware but also 
with software. if* — the — case — e£ — performing — the — scries — e# 
processes — with — software Namely , a program constituting the 
software is installed on a general-purpose computer or one- 
chip microcomputer . 

[0164] Fig . 13 shows a — structural — example — e£ — e**e — embodiment — e# 
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a — computer — inotallcd an example of the structure of a further 
embodiment in which a computer is provided with a program 
performing a — scries — e# the foregoing processes. 

[0165] A program mety — be is_ stored in advance — into a storage 
medium^ such as a hard disk 205 or ROM 203, which is built 
into a computer. 

[0166] QgAlt er natively , a program may be stored ( recorded) or 
recorded, either temporarily or perpetually^ in a removable 
recording medium 211 such as a floppy disk, CD - ROM — (-Compact 
Disc Read Only Memory •)—, — MG — (Magneto Optical) — disc, — DVD — ( -(CD- 
ROM) , Magneto Optical (MO) disc, Digital Versatile Disc 
-) - ( DVD) , magnetic disc, or semi-conductor memory. Such A 
removable recording medium 211 may be provided as feke — se— 
called package software, a software package . 

[0167] N e^ only installed into a computer from the 

f orcgoing lnstead -of a removable recording medium 211, but a 
program may be transferred by wireless — from a — download site — fee 
a — computer — to a computer using a wireless connection, such as 
from a download site via an artificial satellite link for 
digital satellite broadcasting, or may be transferred fee — a 
computer — fey — wire — using a wire connection over a network^ such 

as iAN (-a Local Area Network -) - ( LAN ) or the Internet. The 

computer receives such programs transferred programs at the a 
communications unit 208— which can be installed in the built- 
in hard disk 205. 

[0168] The computer incorporates a GRJ — (-Central Processing Unit 
-) — 202 . — Connected (CPU) 202 that is connected to an input/output 
interface 210 with via a bus 201t — fe**e. The CPU 202 executes a 
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program stored in a ROM — (-Read Only Memory ■) - ( ROM ) 203 according 

to commands which a^e entered by a user through the 

input/output interface 210 with using an input unit 207 such 
as a keyboard and mouse, etc. Also, the CPU 202 loads into a 
RAM — (-Random Access Memory (RAM) 204 and performs executes 
programs stored in the hard disk 110, programs which are 
transferred from a satellite or over a network to the 
communications unit 208— and installed in the hard disk 205, 
or programs which are installed in the hard disk 205 after 
being retrieved from the removable recording media 211 
installed that is inserted into the drive 209. In this 
manner, the CPU 202 performs processes following according to 
the foregoing flowchart— or performs processes following 
according to the structure of the foregoing block diagrams. 
And Also , the CPU 202 outputs may output , when required, the 
processed results from — the to an output unit 2 0 6^_ such as a** 

LGB fa Liquid Crystal Display (LCD) or a speaker, etc.^ 

through the an input/output interface 210, or transmits — them 
the CPU may transmit the output from the communications unit 
20 87 — etndt — furthermore, — let Furthermore, the CPU may transmit 
the output to the hard disk to record them. the output . 
[0169] As to the present specification, the above processing 
steps describing ^ which describe a program to let permit the 
computer perform various processes^ are not necessarily 
followed in a time series sequence along the order described 
ee in the flowchart-? — but_ ;_ Rather, the specification includes 
processes ^fee that may be performed concurrently or 
individually (e.g. , , e.g., using concurrent processing or 
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processing with objects-)-. 

[0170] Also, the programs may be those which that are processed 
by a single computer— or by a plurality of computers in- using 
distributed processing. Furthermore, the programs may be 
those — which — arc transferred to a computer located in a faraway 
site for execution, t^ — be — performed. Industrial — Applicability 
The present invention can be utilized for the data 
transmission system using the digital satellite broadcasting 
and the data transmission system using the wired network. 
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Explanation o.f Reference Numoralo 

4 — satellite — data — transmission — system — 2 — transmission — system, — 3 
satellite, — 4 — reception — system, — 5 — Internet, — 10 — control — device, 
44 — circuit — connection — device, — 15 — data — server, — 15 — transmission 
processing — device, — 14 — local — network, — 15 — transmitting — antenna, 
50 — receiving — antenna, — 24 — receiving — apparatus, — 2-2 — information 

processing — device, 2-3 — circuit — connection — device, 24 local 

network, 3-0 — CPU, 34 — front — end — unit , 35 — demultiplexer, 35 

receiving — filter, — 3-4 — decoding unit, — 35 — checker, — 3-6 — buffer, — 3^7- 

kcy — table, — 3-8 — interface — unit , — 3-9 — bus, — 1-0-1 — ■ transmitting 

system, — 1-05 satellite, — 10-3 receiving — system, — 10-4 * 

network, — 144 — — — control — device, — 145 — data — server, — 14-3 

transmission — processing — device, — 113A encryption — key — table 

storage — unit, — 144 — antenna, — 145 circuit — connection — device, 



44- 6 — cable, — 154 — — antenna, — 155 receiving — apparatus, 

45- 3 — circuit — connection — device, — 1241' , — 1242 ■ terminal, 

434 front - end unit, 135 demultiplexer, 1-3-3 ■ 

decoding LSI, 134 — — CPU, 135 — — — I/F, 141 — --- filter, 142 

decoder, — 14-3 key — table — storage — unit , — 144 checker, 

445 FIFO buffer, — 2-04 tett? — 505 G¥^- f — 5£-3 RGMy 

204 - - RAM, — 505 hard disk, — 2-0-6 output unit, — 2-0^ 



input — unit, — 5-0-8 communication — unit, — 50-9 — drive, — 210 

input/output — interface, — 2-44 removable storage medium. 
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